• Intro
• file
• process
• Q&A

Intro

Imagine you are a cybersecurity analyst at a mid-sized tech company. One morning, you receive multiple reports from employees that their web applications are behaving erratically. Upon investigation, you discover that the source code of several critical JavaScript files has been heavily obfuscated, making it difficult to understand and troubleshoot the code. This obfuscation includes the insertion of numerous misleading comments, variable renaming, and string encoding. Your task is to analyze the obfuscated JavaScript code, identify the obfuscation techniques used, and determine if any malicious code has been inserted.

1

假设你是一家中等规模科技公司的网络安全分析师。某天早晨，你收到多名员工报告称他们的网页应用出现异常行为。经调查，你发现几个关键 JavaScript 文件的源代码被严重混淆，导致代码难以理解和排查。这种混淆手段包括插入大量误导性注释、变量重命名以及字符串编码。你的任务是分析这些被混淆的 JavaScript 代码，识别所使用的混淆技术，并判断是否有恶意代码被植入。

File Location: /root/Desktop/ChallengeFile/sample.7z File Password: infected

file

Obfuscated%20JavaScript.7z

process

解压给的文件，内容如下： 看着就像是被混淆过的代码。

Q&A

• What is the name of the ActiveXObject created in the script?
  脚本中创建的 ActiveXObject 名称是什么？ Answer Format: *******.*******

• What WMI namespace is accessed in the script?
  脚本中访问的 WMI 命名空间是哪个？ Answer Format: ****\*****

• What is the initial value of the attempt variable in the script?
  脚本中 attempt 变量的初始值是多少？ Answer Format: *

• What function is used to enumerate network drives in the script?
  脚本中用于枚举网络驱动器的函数是什么？ Answer Format: *******.*****************

• How long does the script wait (in milliseconds) after executing the net use command?
  脚本在执行 net use 命令后等待多长时间（以毫秒计）？ Answer Format: ****

• What is the MSI package used for installation in the script called?
  脚本中用于安装的 MSI 包叫什么名字？ Answer Format: ***.***

• What is the final output message if the network drive removal fails in the script?
  如果脚本中网络驱动器移除失败，最终的输出消息是什么？ Answer Format: ******.

What function is used to check if a drive is mapped in the script?
脚本中使用哪个函数来检查驱动器是否已映射？ Answer Format: *************